From 18297f5d168fb799995d62d3d109cd8f427b1cdc Mon Sep 17 00:00:00 2001
From: Rene Mewissen <rene@tantooine.myfirewall.org>
Date: Thu, 2 Feb 2023 17:11:37 +0100
Subject: [PATCH] added role for "drone" CI/CD

---
 host_vars/drone.universe.local.yml           |  1 +
 hosts                                        |  4 ++++
 local.yml                                    |  6 ++++++
 roles/drone/tasks/create_app.yml             | 19 +++++++++++++++++++
 roles/drone/tasks/main.yml                   | 11 +++++++++++
 roles/drone/templates/docker.-compose.yml.j2 | 19 +++++++++++++++++++
 roles/drone/vars/drone.universe.local.yml    | 18 ++++++++++++++++++
 7 files changed, 78 insertions(+)
 create mode 100644 host_vars/drone.universe.local.yml
 create mode 100644 roles/drone/tasks/create_app.yml
 create mode 100644 roles/drone/tasks/main.yml
 create mode 100644 roles/drone/templates/docker.-compose.yml.j2
 create mode 100644 roles/drone/vars/drone.universe.local.yml

diff --git a/host_vars/drone.universe.local.yml b/host_vars/drone.universe.local.yml
new file mode 100644
index 0000000..7489acc
--- /dev/null
+++ b/host_vars/drone.universe.local.yml
@@ -0,0 +1 @@
+--
\ No newline at end of file
diff --git a/hosts b/hosts
index e66735b..1a1a05e 100644
--- a/hosts
+++ b/hosts
@@ -22,6 +22,7 @@ cluster
 database
 dhcpserver
 docker
+drone
 fileserver
 icinga
 jitsimeet
@@ -57,6 +58,9 @@ dhcp-kea.universe.local
 docker01.universe.local
 docker02.universe.local
 
+[drone]
+drone.universe.local
+
 [fileserver]
 coruscant.universe.local
 samba-ad-dc.universe.local
diff --git a/local.yml b/local.yml
index 7a62575..8b1f6b5 100644
--- a/local.yml
+++ b/local.yml
@@ -81,6 +81,12 @@
   roles:
     - docker
 
+- hosts: drone
+  tags: server,docker,drone
+  become: true
+  roles:
+    - drone
+
 # - hosts: fileserver
 #   tags: server,fileserver
 #   become: true
diff --git a/roles/drone/tasks/create_app.yml b/roles/drone/tasks/create_app.yml
new file mode 100644
index 0000000..51b8d75
--- /dev/null
+++ b/roles/drone/tasks/create_app.yml
@@ -0,0 +1,19 @@
+- name: drone | create app | generate shared secret
+  command: openssl rand -hex 16
+  register: DRONE_RPC_SECRET
+
+- name: drone | create app | create docker dir
+  file:
+    path: "/opt/docker/drone"
+    state: directory
+
+- name: drone | create app | create docker-compose.yml
+  template:
+    src: "docker-compose.yml.j2"
+    dest: "/opt/docker/drone/docker-compose.yml"
+    validate: "docker-compose -f %s config" # not required. The validation command to run before copying into place. The path to the file to validate is passed in via '%s' which must be present as in the examples below. The command is passed securely so shell features like expansion and pipes will not work.
+
+- name: drone | create app | start docker container
+  command:
+    cmd: "docker-compose up -d"
+    chdir: "/opt/docker/drone"
\ No newline at end of file
diff --git a/roles/drone/tasks/main.yml b/roles/drone/tasks/main.yml
new file mode 100644
index 0000000..900aec0
--- /dev/null
+++ b/roles/drone/tasks/main.yml
@@ -0,0 +1,11 @@
+# Load distro-specific variables
+- include_vars: "{{ ansible_distribution | lower }}.yml"
+  tags: always
+
+- block:
+  - include_role: name=docker
+  - include_tasks: create_app.yml
+
+
+  rescue:
+    - set_fact: task_failed=true
\ No newline at end of file
diff --git a/roles/drone/templates/docker.-compose.yml.j2 b/roles/drone/templates/docker.-compose.yml.j2
new file mode 100644
index 0000000..0d767cc
--- /dev/null
+++ b/roles/drone/templates/docker.-compose.yml.j2
@@ -0,0 +1,19 @@
+version: "3"
+
+services:
+  drone:
+    container_name: drone
+    image: drone/drone:latest
+    restart: unless-stopped
+    ports:
+      - 80:80
+      - 443:443
+    volumes:
+      - /opt/docker/drone/data
+    environment:
+      - DRONE_GITEA_SERVER="{{ DRONE_GITEA_SERVER }}"
+      - DRONE_GITEA_CLIENT_ID="{{ DRONE_GITEA_CLIENT_ID }}"
+      - DRONE_GITEA_CLIENT_SECRET="{{ DRONE_GITEA_CLIENT_SECRET }}"
+      - DRONE_RPC_SECRET="{{ DRONE_RPC_SECRET }}"
+      - DRONE_SERVER_HOST="{{ DRONE_SERVER_HOST }}"
+      - DRONE_SERVER_PROTO=http
\ No newline at end of file
diff --git a/roles/drone/vars/drone.universe.local.yml b/roles/drone/vars/drone.universe.local.yml
new file mode 100644
index 0000000..87838ed
--- /dev/null
+++ b/roles/drone/vars/drone.universe.local.yml
@@ -0,0 +1,18 @@
+$ANSIBLE_VAULT;1.1;AES256
+38393132646461333262323861613935343236623430663761366336626135363966323136623663
+6130636632383064393035613937653033303236653061320a636261393432366536353963356166
+61653936613863333730313634306234336663653836343239333139616136396265383935393832
+6538636534626235660a313164353262623635326361333131366166356464336561366161646265
+39356431316664616230616634333337336431336337666562323731343462393637646161353166
+36326364646437653163383362353135323231613838376235333966303663353331383264613164
+38316437366138366334653164623965646662653437623338616434303836366235656162333964
+62353334626330663464626235396637616633353836313933646266646564366266383533613135
+31353737373765346435353530326239396336623931623733653961383238303339316338633431
+65366332333335656230316535376264373632353534393461343237626533376430363735383433
+66316130383065303639653637626237663966663331316362343166626364323932326635353266
+35313562643763663163623034396661346134393734666130613030663432643631646266656535
+37333963306134393361643334653666356662653362393737646466653065643363353537643539
+35323761336436613533333663373763336462376134326339373037363239643933383365653363
+32373734316338633131313432666161353137363538316561326131373631386431363561373438
+34653931656531626639613438656635653063323732363564343131663736363864623032656561
+62356166633133663034613563376161633137616637326530656433363832656262